Security Expert: PSN Relaunch Should Have Had Government Approval

May 16, 2011 -

In an article in The Australian Queensland University of Technology professor Bill Caelli says that Sony should keep the PlayStation Network and other services that were compromised by hackers in April offline until governments around the world are satisfied that the company has put enough security in place to protect customers.

Caelli, who the publication calls a "security expert," thinks the Japanese government has the right idea in putting Sony's services on hold while it verifies the strength and depth of new security measures.

"Why is it that in the IT industry enterprises certify themselves?" he said, adding that the general public has "no way of assessing the assurances given by the owners of the system themselves."

Of course, it is too late to unring that bell; over the weekend Sony relaunched most of its PlayStation Network and other PS3 related services in North America and Europe.

Source: C&VG


Comments

Re: Security Expert: PSN Relaunch Should Have Had ...

The Playstation Store is not open. The only services being offered are home, trophy syncing, friends lists, and multi-player capabilities. In otherwords, there is no credt card info currently being used on PSN. I see no problem with allowing services that don't involve credit cards to run while the playstation's store's security is checked.

Maybe I'm being selfish because I want to play Portal 2 co-op :) Still, I have always used points cards with PSN, XBL, and iTunes. My e-mail and an old address and phone number are out there though, No big deal.

Re: Security Expert: PSN Relaunch Should Have Had ...

I'm of two minds on this.

I think a competent government body capable of granting security certifications is a good idea.

But on the other hand, while I can't speak for Australia, I believe all three branches of government in the States have repeatedly proven themselves to be utterly incompetent at understanding modern technology, and I'm not inclined to trust them on principle.

Now, if we're talking about using the same security standards used for US intelligence agencies, I'm all for that, but there's still the matter of recruiting security experts to audit.  Right now there are a lot more of those in private industry than in government, but there are also plenty of out-of-work engineers and IT guys who'd love an opportunity to do this kind of work.

Hell, I'd be happy to apply myself -- not that I'd claim to be an expert, but I know what salting is, which would tend to indicate I'm more competent than the guys Sony's been hiring.

Re: Security Expert: PSN Relaunch Should Have Had ...

This may be a good idea if there was such a thing as perfect protection, so the government could disallow it until one was established.

But, the reality is that there is no such thing as a perfect system, so we just have to go with the best that we can. Which is hopefully better than what we had before.

It just happens that sometimes the best isn't good enough.

_____________________________________________________________________________

"Power means nothing without honor and pride."

http://grifsgamereviews.blogspot.com My video game review site.

Atlanta Video Games Examiner for examiner.com

Re: Security Expert: PSN Relaunch Should Have Had ...

Is anybody actually saying Sony should have PERFECT protection?  Or even "the best"?  I think if they set the bar at "adequate" it would be a marked improvement.

There are best-practices rules agreed to throughout the security industry.  And maybe Sony was following them -- but given their track record over the past few years (music CD DRM that installs rootkits and can be circumvented by turning off Autoplay, Blu-Ray encryption cracked because keys are stored in RAM, PS3 security cracked because signatures weren't salted) I'm not inclined to give them the benefit of the doubt.

I'm not entirely sure I trust the idea of a government standards body for security at this stage, for the reasons outlined in my post below, but I think it's abundantly clear at this point that Sony shouldn't be auditing its own security.

Re: Security Expert: PSN Relaunch Should Have Had ...

Considering the remarkable number of times our own government's security has been compromised, I doubt they have any room to cast judgment.

_____________________________________________________________________________

"Power means nothing without honor and pride."

http://grifsgamereviews.blogspot.com My video game review site.

Atlanta Video Games Examiner for examiner.com

Re: Security Expert: PSN Relaunch Should Have Had ...

I agree that government agencies are very poor judge of security (having worked as a consultant for one, I can guarantee it), however, SONY is also a very bad judge of security (or at least, was up to now, maybe this was the wake-up call they needed). Either way, there really should be government recognized agencies that certify whether or not a business meets at least the minimum requirements. I'm no white hat, but I'm afraid if I tried my best to find a way into SONY's system, I would succeed, and I'm far from being the best at this game...

Re: Security Expert: PSN Relaunch Should Have Had ...

We agree on something. I'll be damned. Maybe the apocalypse IS coming. :3

_____________________________________________________________________________

"Power means nothing without honor and pride."

http://grifsgamereviews.blogspot.com My video game review site.

Atlanta Video Games Examiner for examiner.com

 
Forgot your password?
Username :
Password :

Shout box

You're not permitted to post shouts.
IanCAnitia Skeeter won't allow comments because she doesn't like debate.04/01/2015 - 4:46pm
Sora-ChanTestTube did a video on the Trans-Pascific Partnership https://www.youtube.com/watch?v=7W4Zc55pCtY04/01/2015 - 4:06pm
ZippyDSMleepicking up The Feminist Wire , Mary Sue and Feminist frequency , a shame FF had to close down comments, I tend to drop anyhting that dose not allow comments these days but as seeing how much spam and trolling they get I will it slide.04/01/2015 - 4:03pm
ZippyDSMleeOkay now that I can understand, I was focusing on total outcome not just reinforcement.So its about reinforcement of poor feelings/behavior than anything else..now I get it....uhg forest for the trees.....04/01/2015 - 3:51pm
Andrew EisenBut again, to be clear, that does not mean consuming violent media will make you violent.04/01/2015 - 3:46pm
Andrew EisenZippy - Not totally sure what you're getting at but it's the same idea that when our fiction is full of stories where violence is the solution to everything, it helps reinforce the idea that violence is the answer in real life.04/01/2015 - 3:46pm
Andrew EisenAlso, just in case anyone wasn't clear on this, Sarkeesian's argument in her latest video is that we "need more women-centric stories of all kinds." That's it.04/01/2015 - 3:44pm
ZippyDSMleeAndrew Eisen Okay so would that be like violence something that has a loose tie to the real world, or would that be an oversimplification?04/01/2015 - 3:43pm
Andrew EisenThe Mary Sue reports on all kinds of fun, geeky stuff from news to movies, video games, comics, science and more.04/01/2015 - 3:42pm
ZippyDSMleeAnyone know of any fun/comedic feminist blogs that keep up with news?04/01/2015 - 3:42pm
Andrew EisenYes, kind of. Repeatedly hammering home that men are the default and women are the exception can help reinforce that idea in real life. Does that mean playing fantasy games staring male leads is going to make an individual a raging misogynist? No.04/01/2015 - 3:41pm
ZippyDSMleeThe trouble wiht twitter and FB is they give inconstant updates to those you follow and RSS feeds never worked well for me, guess I will put in my news stuff and skim it like the rest when I have time..04/01/2015 - 3:38pm
ZippyDSMleeAndrew Eisen:So a wide use of generic tropes about male leads makes it easier for males to dominate females, and females feel lesser beings in real life?04/01/2015 - 3:36pm
E. Zachary KnightZippy, they have an RSS Feed, Twitter, Facebook, and Tumblr. All links are in the side bar of their site: http://www.feministfrequency.com/04/01/2015 - 3:35pm
Andrew EisenZippy - It has an RSS and a presence on Twitter and Facebook.04/01/2015 - 3:33pm
Matthew WilsonGoogle's April fools in play pacman on google maps http://www.forbes.com/sites/erikkain/2015/04/01/the-best-places-to-play-pac-man-on-google-maps/04/01/2015 - 3:32pm
ZippyDSMleeanyone know if feministfrequency has a newsletter or update notification via the blog system they use?04/01/2015 - 3:31pm
Andrew EisenIf you're referring to the ending of Sarkeesian's latest video, no. What she said was the idea that men's experiences are universal is reinforced when the overwhelming majority of archetypal fantasy heroes are male.04/01/2015 - 3:30pm
ZippyDSMleeas it requires a lot of effort to go beyond ones experience. Hell I have like 10 crutches or so LOL, failures aside the more I am learning the more I am confused =0_o=04/01/2015 - 3:27pm
ZippyDSMleeto female….an asshole is still an asshole no matter the tropes used… On the other hand I have noticed most of my stories revolving around male leads or male main character’s. It’s what I know so it’s what I go with, is it a crutch I would guess so 04/01/2015 - 3:27pm
 

Be Heard - Contact Your Politician